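<?php
/**
 * Login handler.
 *
 * Reads "email" and "password" from the POST body, looks the pair up in
 * ph_user, marks the user's overdue pending orders as completed, stores the
 * login in the session and sends the browser on to the dashboard. Every
 * failure path shows an alert and returns the browser to login.php.
 *
 * All SQL is sent through prepared statements with bound parameters; no
 * request or row value is concatenated into a statement.
 *
 * NOTE(review): the lookup compares user_pass with the submitted value
 * directly, so ph_user appears to hold passwords unhashed. Moving to
 * password_hash()/password_verify() needs a data migration and is not done
 * in this file.
 * NOTE(review): the password is lower-cased before the lookup, which makes it
 * case-insensitive. Kept because stored values presumably depend on it;
 * confirm against the registration code before removing.
 * NOTE(review): nothing in this file throttles repeated failed attempts.
 */
header("Content-Type:text/html; charset=utf-8");
session_start();

require_once('admin/config.php');

/**
 * Prints the inline script that optionally shows an alert and then navigates.
 *
 * Both arguments are written into the script unescaped, so callers must pass
 * fixed literals only, never request data.
 *
 * @param string      $target  Location the browser is sent to.
 * @param string|null $message Alert text, or null for a silent redirect.
 */
function login_emit_redirect($target, $message = null)
{
    echo "<script language=JavaScript>\r\n";
    if ($message !== null) {
        echo "alert('" . $message . "');\r\n";
    }
    echo "location.href='" . $target . "'\r\n";
    echo "</script>";
}

/**
 * Reports whether a value contains one of the characters or words this form
 * refuses.
 *
 * The return values are kept from the original for compatibility and read
 * inverted: "ok" means a refused token WAS found, "no" means the value is
 * clean. This is an input policy only; the queries below do not depend on it
 * for safety because they bind their parameters.
 *
 * @param string $str Value to inspect.
 * @return string "ok" when a refused token is present, otherwise "no".
 */
function check($str)
{
    $refused = array("'", ";", "union", "‘", "#", "!", "*", "&", "^", '$');
    foreach ($refused as $token) {
        if (strpos($str, $token) !== false) {
            return "ok";
        }
    }
    return "no";
}

/**
 * Reads one POST field as a lower-cased string.
 *
 * A missing field or a non-string value (for example an array sent as
 * "email[]") is treated as empty instead of raising a notice.
 *
 * @param string $field POST key.
 * @return string
 */
function login_post_value($field)
{
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        return '';
    }
    return strtolower($_POST[$field]);
}

/**
 * Looks up the account matching the given name and password.
 *
 * @param mysqli $db   Open connection.
 * @param string $name Lower-cased account name.
 * @param string $pass Lower-cased password.
 * @return mixed The ID column of the first matching row, or null when there
 *               is no match or the query fails.
 */
function login_find_user_id($db, $name, $pass)
{
    $stmt = mysqli_prepare($db, "select ID from ph_user where user_name=? and user_pass=?");
    if (!$stmt) {
        error_log('login: user lookup could not be prepared: ' . mysqli_error($db));
        return null;
    }

    $id = null;
    $userId = null;
    mysqli_stmt_bind_param($stmt, 'ss', $name, $pass);
    if (mysqli_stmt_execute($stmt)
        && mysqli_stmt_bind_result($stmt, $id)
        && mysqli_stmt_fetch($stmt) === true
    ) {
        // Copy out of the bound variable before the statement is closed.
        $userId = $id;
    }
    mysqli_stmt_close($stmt);

    return $userId;
}

/**
 * Sets Status='Completed' on the user's pending orders whose Order_date plus
 * Split days lies in the past.
 *
 * The pending rows are read completely before any update is issued, so the
 * select statement is closed before the update statement runs on the same
 * connection.
 *
 * @param mysqli $db     Open connection.
 * @param mixed  $userId Value of ph_user.ID for the logged-in user.
 */
function login_complete_due_orders($db, $userId)
{
    $select = mysqli_prepare(
        $db,
        "select ID, Order_date, `Split` from ph_order where userid=? and Status='Pending'"
    );
    if (!$select) {
        error_log('login: pending-order lookup could not be prepared: ' . mysqli_error($db));
        return;
    }

    $pending = array();
    $orderId = null;
    $orderDate = null;
    $splitDays = null;
    mysqli_stmt_bind_param($select, 's', $userId);
    if (mysqli_stmt_execute($select)
        && mysqli_stmt_bind_result($select, $orderId, $orderDate, $splitDays)
    ) {
        while (mysqli_stmt_fetch($select)) {
            $pending[] = array($orderId, $orderDate, $splitDays);
        }
    }
    mysqli_stmt_close($select);

    if (count($pending) === 0) {
        return;
    }

    $update = mysqli_prepare($db, "update ph_order set Status='Completed' where id=?");
    if (!$update) {
        error_log('login: order update could not be prepared: ' . mysqli_error($db));
        return;
    }

    // Bound once by reference; the loop only changes the value.
    $dueOrderId = null;
    mysqli_stmt_bind_param($update, 's', $dueOrderId);

    $myDate = date('Y-m-d H:i:s', time());
    foreach ($pending as $order) {
        list($id, $placedOn, $nDays) = $order;
        // Same date arithmetic as before: due date = Order_date + Split days.
        $newdate = date('Y-m-d H:i:s', strtotime($placedOn . '+' . $nDays . 'days'));
        if (strtotime($myDate) - strtotime($newdate) > 0) {
            $dueOrderId = $id;
            if (!mysqli_stmt_execute($update)) {
                error_log('login: order update failed: ' . mysqli_stmt_error($update));
            }
        }
    }
    mysqli_stmt_close($update);
}

$user_name = login_post_value("email");
$user_pass = login_post_value("password");

if (empty($user_name) || empty($user_pass)) {
    login_emit_redirect('login.php', 'Username or password cannot be empty!');
} elseif (check($user_name) == "ok" || check($user_pass) == "ok") {
    login_emit_redirect('login.php', 'Contains illegal characters!');
} else {
    // Make mysqli report failures through return values on every PHP version,
    // so the checks below are what decides the outcome.
    mysqli_report(MYSQLI_REPORT_OFF);

    // NOTE(review): ext/mysql accepted "host:port" in $cfg_dbhost, mysqli takes
    // the port as a separate argument; confirm the value in admin/config.php.
    $db = mysqli_connect($cfg_dbhost, $cfg_dbuser, $cfg_dbpwd, $cfg_dbname);
    if (!$db) {
        // Details go to the server log only, never to the page.
        error_log('login: database connection failed: ' . mysqli_connect_error());
    }

    $userId = $db ? login_find_user_id($db, $user_name, $user_pass) : null;

    if ($userId === null) {
        // Also reached when the database is unavailable, as before.
        login_emit_redirect('login.php', 'Incorrect account name or password!');
    } else {
        login_complete_due_orders($db, $userId);

        // Issue a fresh session id at the privilege change so an id that was
        // known before login is not carried into the authenticated session.
        session_regenerate_id(true);
        $_SESSION["userislogin"] = "iwaslogined";
        $_SESSION["username"] = $user_name;
        $_SESSION["userid"] = $userId;

        login_emit_redirect('dashboard/index.php');
    }

    if ($db) {
        mysqli_close($db);
    }
}
?>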